From a9370e9f996b7ce61bb1a9612a0625161a922320 Mon Sep 17 00:00:00 2001 From: "Ryan C. England" Date: Sun, 18 Aug 2019 21:49:35 -0400 Subject: 9096 passwords (policy.conf) should default to sha512 Reviewed by: Peter Tribble Reviewed by: Andy Fiddaman Reviewed by: Toomas Soome Approved by: Dan McDonald --- usr/src/lib/libsecdb/policy.conf | 6 +++--- usr/src/man/man4/policy.conf.4 | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/usr/src/lib/libsecdb/policy.conf b/usr/src/lib/libsecdb/policy.conf index db9b8cb1f5..60fea9f5f3 100644 --- a/usr/src/lib/libsecdb/policy.conf +++ b/usr/src/lib/libsecdb/policy.conf @@ -44,11 +44,11 @@ CRYPT_ALGORITHMS_ALLOW=1,2a,md5,5,6 # #CRYPT_ALGORITHMS_DEPRECATE=__unix__ -# The OpenSolaris default is a SHA256 based algorithm. To revert to -# the policy present in Solaris releases set CRYPT_DEFAULT=__unix__, +# The illumos default is a SHA512 based algorithm. To revert to +# the policy present in former Solaris releases set CRYPT_DEFAULT=__unix__, # which is not listed in crypt.conf(4) since it is internal to libc. # -CRYPT_DEFAULT=5 +CRYPT_DEFAULT=6 # # These settings determine the default privileges users have. If not set, # the default privileges are taken from the inherited set. diff --git a/usr/src/man/man4/policy.conf.4 b/usr/src/man/man4/policy.conf.4 index 65b6d04494..4c933fbfc4 100644 --- a/usr/src/man/man4/policy.conf.4 +++ b/usr/src/man/man4/policy.conf.4 @@ -13,7 +13,7 @@ policy.conf \- configuration file for security policy .fi .SH DESCRIPTION -.sp + .LP The \fBpolicy.conf\fR file provides the security policy configuration for user-level attributes. Each entry consists of a key/value pair in the form: 
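Review bot: The comment above `CRYPT_DEFAULT=6` in usr/src/lib/libsecdb/policy.conf does not say that the setting only selects the algorithm for newly set passwords, so the change can be misread as strengthening hashes that are already stored. The man page text in this same commit describes the key as "the default algorithm for new passwords", so entries hashed with `5` or an older algorithm presumably stay as they are until each password is next changed. I would add a line to the comment such as `# Applies only to passwords set after this change; existing hashes are kept until the password is next changed.` A system that carries a locally edited policy.conf across an upgrade may also keep `CRYPT_DEFAULT=5`, which is worth confirming against the packaging rules for this file and mentioning in the release notes.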
@@ -132,10 +132,10 @@ another algorithm, such as \fBCRYPT_DEFAULT=1\fR for BSD and Linux MD5. .ad .sp .6 .RS 4n -Specify the default algorithm for new passwords. The Solaris default is the -traditional UNIX algorithm. This is not listed in \fBcrypt.conf\fR(4) since it -is internal to \fBlibc\fR. The reserved name \fB__unix__\fR is used to refer to -it. +Specify the default algorithm for new passwords. The Solaris default was once +the traditional UNIX algorithm. This is not listed in \fBcrypt.conf\fR(4) since +it is internal to \fBlibc\fR. The reserved name \fB__unix__\fR is used to refer +to it. .RE .sp @@ -186,7 +186,7 @@ specifications are unaffected by any future addition of privileges that might occur. .SH FILES -.sp + .ne 2 .na \fB\fB/etc/user_attr\fR\fR @@ -223,7 +223,7 @@ Defines policy for the system. .RE .SH ATTRIBUTES -.sp + .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -239,13 +239,13 @@ Interface Stability Committed .TE .SH SEE ALSO -.sp + .LP \fBlogin\fR(1), \fBpfexec\fR(1), \fBchkauthattr\fR(3SECDB), \fBgetexecuser\fR(3SECDB), \fBauth_attr\fR(4), \fBcrypt.conf\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBprivileges\fR(5) .SH NOTES -.sp + .LP The \fIconsole user\fR is defined as the owner of \fB/dev/console\fR. -- cgit v1.2.3